package com.ping.shiro;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.ping.dao.UserInfoRepository;
import com.ping.dao.UserRoleRepository;
import com.ping.domain.UserInfo;
import com.ping.domain.UserRole;

/**
 * 自定义的realm，认证
 * 
 * @author 浩子 2018年10月17日
 */
@Service
public class MyShiroRealm extends AuthorizingRealm {

	@Autowired
	private UserInfoRepository userInfoRepository; // 用户的仓库
	@Autowired
	private UserRoleRepository userRoleRepository; // 用户角色仓库

	/*
	 * 获取用户的权限 并进行权限认证
	 * 
	 * @see
	 * org.apache.shiro.realm.AuthorizingRealm#doGetAuthorizationInfo(org.apache
	 * .shiro.subject.PrincipalCollection)
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {

		System.out.println("权限认证：doGetAuthorizationInfo");

		String username = (String) super.getAvailablePrincipal(principalCollection);
		System.out.println("username = " + username);

		SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
		UserInfo userInfo = userInfoRepository.findByUsername(username);
		UserRole userRole = userRoleRepository.findByUserId(userInfo.getId());

		if (userRole.getRoleId() == 1) // admin 管理员有管理员的权限
		{
			simpleAuthorizationInfo.addStringPermission("admin:listUser");
		}
		if (userRole.getRoleId() == 2) {
			simpleAuthorizationInfo.addStringPermission("test1:addUser");
		}
		return simpleAuthorizationInfo;
	}

	/*
	 * 获取账号密码的信息,即：账号密码信息是否准确
	 * 
	 * @see
	 * org.apache.shiro.realm.AuthenticatingRealm#doGetAuthenticationInfo(org.
	 * apache.shiro.authc.AuthenticationToken)
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
			throws AuthenticationException {
		// 账号密码的盾牌
		UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
		String username = token.getUsername();
		String password = new String(token.getPassword());

		UserInfo userInfo = userInfoRepository.findByUsername(username);

		if (userInfo == null) {
			// 用户名错误
			throw new UnknownAccountException("用户名不存在");
		}
		if (!userInfo.getPassword().equals(password)) {
			throw new IncorrectCredentialsException("密码不正确");
		}
		SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(username, password, getName());
		return simpleAuthenticationInfo;

	}

}
